Move invent_firstbits() into sshrsag.c.

It's now a subroutine specific to RSA key generation, because the reworked PrimeCandidateSource system can handle the requirements of DSA generation automatically. The difference is that in DSA, one of the primes you generate is used as a factor in the generation of the other, so you can just pass q as a factor to pcs_require_residue_1, and it can get the range right by itself. But in RSA, neither prime is generated with the other one in mind; they're conceptually generated separately and independently, apart from that single joint restriction on their product. (I _could_ have added a feature to PrimeCandidateSource to specify a range for the prime more specifically than a few initial bits. But I didn't want to, because it would have been more complicated than doing it this way, and also slightly less good: if you invent one prime first and then constrain the range of the other one once you know the first, then you're not getting an even probability distribution of the possible _pairs_ of primes - you're privileging one over the other and skewing the distribution.)
2025-07-01 11:32:48 -05:00 · 2020-02-23 15:31:05 +00:00
parent da3bc3d927
commit 13f594f02d
3 changed files with 115 additions and 112 deletions
--- a/ssh.h
+++ b/ssh.h
@ -1335,7 +1335,6 @@ int eddsa_generate(struct eddsa_key *key, int bits, progfn_t pfn,
 mp_int *primegen(
    int bits, int modulus, int residue, mp_int *factor,
    int phase, progfn_t pfn, void *pfnparam, unsigned firstbits);
-void invent_firstbits(unsigned *one, unsigned *two, unsigned min_separation);

 /*
 * Connection-sharing API provided by platforms. This function must